My name is knwminus and I am new to the forum. I have a quick question about C|EH. I know this is a pen testers certification and my goal is to get into network security (router/switches firewalls etc). My question is, would the C|EH be a better cert for Sysadmins (*nix, windows, etc) or for Network Engineers (Cisco/Juniper, Checkpoint etc)? I personally think it would be better for Sysadmins but that doesn't mean I don't want to do it. I am just curious to get the expert opinion here.

to be honest, CEH isnt really a purely technical or purely management for that matter. the best advantage you will get from the course is the ethical hacker mindset. sure you will learn some tools and the way they work. but why they work is much more interesting. i would say its the best step towards sysadmins. if you know how they get in, you will know how to keep them out. anyway it was the best way my boss could spend his money

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

From my perspetive the C|EH, eventhough the cert is geared more towards penetration testing/ethical hacking, it is a good cert for those who want to know about network security (and even sysadmins), because you learn how to exploit the weaknesses in computing systems such as routers, switches, and firewalls ( and *NIX and Windows).

I took the certification to better understand the threats against computing systems, in order to better defend against them. To see what an attack looks like from the inside.

If you are interested in network security, CEH is not a bad certification, but there may be other certifications which may be taylored more towards your goals like some SANS courses (perimeter security) or even the general Security plus if you are looking for more entry level.

I do plan to get the S+ done this year (within the next month or 2). After that there is more cisco stuff in my future. I thought that C|EH would be a good primer before GSEC, GPEN, GCFW and GCIA but after SSCP and S+. Do you think that C|EH would server that purpose well or is it a little to general? To be honest, all of the reviews I have read about the test have it as being a bit murky in terms of worth (too tools focused, to wide, etc) and I had no plans to do it for a while, that is until I started to see it on some job posting.

Last edited by knwminus on Fri Feb 26, 2010 8:49 am, edited 1 time in total.

I think C|EH would be an excellent 'primer', as you'd called it, for GPEN, OSCP and others. That said, it's still a good course for BOTH sysadmins and network engineering folks, as much of what it teaches, besides tools, is conceptual thinking, hacker mindset, and other areas which either side needs to understand, if they truly want to be security-minded in their jobs. Now, if you NEVER intend to go into the sysadmin side, then it might not be where you want to start, as you might find other certs geared more directly toward network engineering (or vice versa,) and so you have to decide where you truly want to focus.

But if you want to be well-rounded, it's a good cert to have. (Besides, a GOOD network engineer should, IMHO, have at least a grasp of what the sysadmins deal with, etc, to be effective and 'cooperative' in their working environment.) When I deal with companies and help them interview, etc, I look for rounded individuals, as those that are too focused on the network engineering or sysadmin sides, solely, tend to be difficult to work with when problems and issues arise. There's not an issue studying and working on one specific area, but I prefer the folks to be at LEAST basically studied in other technical areas. So in security, it never hurts to understand both sides of the equation.

For instance, suppose a security-based sysadmin comes to you, as a network engineer, and asks for traces or log data from your routers and switches, saying they've been experiencing what they think is a worm, or some other security risk. It helps you to understand and calm them, as you gather the data, if you have at least a basic understanding of what the worm does, and how it affects end-users, and the rest of the environment. Consequently, if you're the sysadmin, often times your network engineers don't even want to discuss their environment with you, unless you can give them data that means something in their terminology, so it helps to be open minded and again, at least a little bit cross-trained.

That's where C|EH and other certs benefit you, as they give you much more useful information and understanding of how hacking tools and things work, with relation to the overall picture. They also help to guide you in methodologies for testing your security, and to do so in a routine manner, by which you're less likely to miss things, and present a much clearer picture to those who need to see / hear it. So I'd say, it's worth your time, one way or another, if you plan to study security. As to where you put it in your priority list, that's up to you, based on your time, your other study plans, and resources available to you.

Good luck, and let us know where your studies lead!

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

I think a lot have been said about CEH here like Unsupported and Hayabusa mentioned. unless you planned to be a techy for your rest of the career (which I don't think it's a good idea....). Why am I saying that is, in order for you to go up to the career ladder, you need to be all rounded like Hayabusa said.

It's good to know more things that being too technical and detailed. for example, if you're MCSE certified, yes, you're a network engineer or Win2k3 server specialist, and it helps to pay the bill, but...when you're working, people are sleeping (taking into notion that the servers / networks are offline during non working hour)! I've been thru that situation before, and it's no fun...... and yes, Hayabusa said is right, a sysadmin will only do sysadmin work, they won't touched on security issues....

anyway, back to the question, yes, CEH is good cert to have in your resume. (some of you might not agree that, and say SANs are better, but too bad, in Asia, we don't have SANs courses here all the time.....so CEH is more known to companies in Asia). I took it because it was sponsored by the company and I don't see any harm taking the exam and passing it. good thing is I can use the tools in my course of work (I'm doing IT auditing, so I used tools to crack the passwords, perform vulnerability assessment etc in my group of companies, and yes, so far i crashed few production servers, but they're recoverable, and no complains from my clients!)

my advice to you is, yes, no harm getting extra paper certification, but don't get too techy, business world needs people that understands the business, being too techy won't get you high up there with the business people.

I earned my CEH about 2 years ago and I think it's a great cert. It really does teach you to think like an attacker and gives a very good introduction to the process of penetration testing/ethical hacking.

If you do earn the cert, I would recommend following it up with the Pentesting with Backtrack and the OSCP certification. I feel like the CEH was the theoretical and OSCP is the practical.

Thanks for the advice guys. I think I have my hands full with what I already have planned but C|EH will be on my to do list (probably early to mid 2011). I want to get the SSCP done before I do the OSCP so SSCP will also be on my to do list.

partek wrote:I earned my CEH about 2 years ago and I think it's a great cert. It really does teach you to think like an attacker and gives a very good introduction to the process of penetration testing/ethical hacking.

If you do earn the cert, I would recommend following it up with the Pentesting with Backtrack and the OSCP certification. I feel like the CEH was the theoretical and OSCP is the practical.

my thoughts exactly! i just found out that V3.0 will be available mid-march so i'm planning to sign up for the 60day version!

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

If it's about Sysadmins (*nix, windows, etc) or Network Engineers (Cisco/Juniper, Checkpoint etc), I would say it goes more towards Sysadmins. However, I think it's also suitable to apply in other jobs and will help to get a general view on security, especially if you have not much experience there. You will be introduced into several topics and get to know how they work and which tools can be used for certain tasks. If you are more interested in networking in general, I would say that you may benefit from Cisco or similar more, however, if you have the possibility, I would certainly take a closer look at CEH as well. I too think that it is a good way to start before going for GSEC, GPEN, GCFW and GCIA.

Thanks guys. I think I have the information I need now. C|EH will be on my to do list, after CCNP and during SSCP/CCSP. With the recent changes to the test (other post has said the C|EH is now DOD approved) maybe its popularity will pick up.